> -----Original Message----- > From: Andrew Ballard [mailto:aballard@xxxxxxxxx] > Sent: Thursday, September 09, 2010 11:22 AM > To: Jack > Cc: PHP > Subject: Re: Show text without converting to html > <snip /> > > It will protect against a (possibly large?) percentage of those that are > looking for the lowest hanging fruit. I have a few reasons that feed my > doubts about its effectiveness: > > - The most common answer you find when you search for e-mail > obfuscation is something similar to what you've shown, whether it uses > HTML character entities, numeric entities, or a combination of the two. > > - The overhead to convert frankly isn't that high. I realize that in the case of > a harvester you are multiplying that overhead by the sheer volume of > content being processed, but given the speed of processors I don't think > that matters much anymore. > > - There are simple ways to minimize the overhead. For example, a script > does not have to decode an entire page; it only has to look for anchor tags > and decode the contents of the href attribute of each tag found. > > > Combine these and I don't think this obfuscation technique adds enough > cost to be much of a barrier. Of course, this is just my opinion. > Those who write harvesters might be lazier than I give them credit. > > > Andrew > I think it all depends on the value of the crop(s) to be harvested.. ;) As for performance, even the speed of the processors are much faster today than before, it will affect performance depending on # of hits. In addition, the bandwidth consumption will increase considerably on a heavy traffic site with all the extra characters for obfuscation, especially if you're on a capped hosting service. If you have something you want to safeguard, IMO, use authentication. Or you could try to create a monitoring mechanism to detect any unwanted behavior and deny the request(s). Regards, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
